Check PKCS#8 pkey field is valid before cleansing. (Imported from upstream's 52e028b9de371da62c1e51b46592517b1068d770.) Change-Id: If980d774671b9b5ba997db3fd7d4043525a85609 Reviewed-on: https://boringssl-review.googlesource.com/6445 Reviewed-by: David Benjamin <davidben@chromium.org> Reviewed-by: Adam Langley <agl@google.com>

commit: 2e64f1b5d5838ab80786bf851e88b2254879c6ae [log] [tgz]
author: Adam Langley <agl@google.com> Fri Nov 06 16:02:39 2015 -0800
committer: Adam Langley <agl@google.com> Mon Nov 09 23:06:13 2015 +0000
tree: e0743d70cef0e3bda401b7242169282862ffbe41
parent: f606f9831b648907514ff358b89fc120aa9c1c4f [diff]
diff --git a/crypto/pkcs8/p8_pkey.c b/crypto/pkcs8/p8_pkey.c
index bd9d30c..c69d0fa 100644
--- a/crypto/pkcs8/p8_pkey.c
+++ b/crypto/pkcs8/p8_pkey.c

@@ -66,7 +66,7 @@
   /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
   if (operation == ASN1_OP_FREE_PRE) {
     PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
-    if (key->pkey &&
+    if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING &&
         key->pkey->value.octet_string) {
       OPENSSL_cleanse(key->pkey->value.octet_string->data,
                       key->pkey->value.octet_string->length);
commit	2e64f1b5d5838ab80786bf851e88b2254879c6ae	[log] [tgz]
author	Adam Langley <agl@google.com>	Fri Nov 06 16:02:39 2015 -0800
committer	Adam Langley <agl@google.com>	Mon Nov 09 23:06:13 2015 +0000
tree	e0743d70cef0e3bda401b7242169282862ffbe41
parent	f606f9831b648907514ff358b89fc120aa9c1c4f [diff]